[Openvpn-devel] [PATCH] Windows: Set interface IPv6 prefix length when configuring address

2018-01-08 Thread Eyal Birger
Address prefix length defaults to /64 on Windows. This change allows using
Windows clients in setups that use a different prefix length.

Note: the ability to set the prefix length is documented in the netsh
'add address' command, but works on the 'set address' command as well.

Signed-off-by: Eyal Birger 
---
 src/openvpn/tun.c | 7 ---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 25831ce..b2b4795 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -1561,15 +1561,16 @@ do_ifconfig(struct tuntap *tt,
 }
 else
 {
-/* example: netsh interface ipv6 set address interface=42 
2001:608:8003::d store=active */
+/* example: netsh interface ipv6 set address interface=42 
2001:608:8003::d/64 store=active */
 char iface[64];
 openvpn_snprintf(iface, sizeof(iface), "interface=%lu", 
tt->adapter_index );
 argv_printf(&argv,
-"%s%sc interface ipv6 set address %s %s 
store=active",
+"%s%sc interface ipv6 set address %s %s/%d 
store=active",
 get_win_sys_path(),
 NETSH_PATH_SUFFIX,
 iface,
-ifconfig_ipv6_local );
+ifconfig_ipv6_local,
+tt->netbits_ipv6);
 netsh_command(&argv, 4, M_FATAL);
 /* set ipv6 dns servers if any are specified */
 netsh_set_dns6_servers(tt->options.dns6, tt->options.dns6_len, 
actual);
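Review bot: the new "%s/%d" form in the argv_printf() call depends on 'netsh interface ipv6 set address' accepting an address/prefix argument, which the commit message says is documented only for 'add address', and the command still runs under netsh_command(&argv, 4, M_FATAL), so any Windows release that rejects this syntax would turn interface setup into a fatal error. Please record in the code comment (not only in the commit message) that the prefix form is undocumented for 'set address' and which Windows versions it was tested on. Separately, tt->netbits_ipv6 is passed straight to %d with no range check visible in this hunk; confirm it is validated to 0..128 before do_ifconfig() is reached. The example comment would also illustrate the change better with a prefix other than the /64 default.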
-- 
2.7.4


--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel


Re: [Openvpn-devel] [PATCH 0/2] Make cryptoapicert work with TLS 1.2

2018-01-08 Thread Илья Шипицин
2018-01-08 7:21 GMT+05:00 :

> From: Selva Nair 
>
> Hi,
>
> I am not sure how receptive the crypto maintainers are to the
> idea of adding more code into cryptoapi.c, but here goes:
>
> I've been wanting to add TLS 1.2 support for certs in the
> Windows cert store using management external key. But that's
> a lot more work than extending cryptoapicert support. And,
> rather surprisingly, it turns out that the CNG API for signing is
> easy to use (well after some groping in the dark..) and doesn't
> take much to implement.
>
> So these patches..
>
> The first patch is not really related and to make the existing code
> "openssl-1.1 ready" (missed by past patches as no one probably builds
> Windows binary with 1.1..).
>

There was an agreement at one of the recent community meetings to
gracefully deprecate both libressl and openssl-1.0.X in favour of
openssl-1.1.X

So, we should learn how to build a Windows binary with 1.1.X :)




>
> The second patch is not dependent on this, but close-by code paths
> are touched by both.
>
> Selva
>
> Selva Nair (2):
>   Bring cryptoapi.c upto speed with openssl 1.1
>   TLS v1.2 support for cryptoapicert -- RSA only
>
>  configure.ac |   1 +
>  src/openvpn/Makefile.am  |   2 +-
>  src/openvpn/cryptoapi.c  | 155 ++
> -
>  src/openvpn/openssl_compat.h |  14 
>  src/openvpn/options.c|  18 -
>  5 files changed, 140 insertions(+), 50 deletions(-)
>
> --
> 2.1.4